Android is a mobile operating system (OS) based on Linux. Thus, part of the Linux kernel has an option for Android.
Container technology provides an isolated virtual space at the operating-system level using namespaces and control groups (cgroups). Because container technology does not support device or kernel virtualization, a container shares the kernel and devices with Linux. That is, the container and Linux share the process directory /proc, which holds various process information, and the system directory /sys, which includes system and device information. The container can then operate two systems by isolating the virtualized space using namespaces and restricting resources such as CPU or memory using cgroups. Using this container technology, it is possible to run an Android container on the Linux operating system.
Meanwhile, Security-Enhanced Linux (SELinux) is a type of Linux Security Module (LSM) provided by Linux-based operating systems. The SELinux file system is placed at /sys/fs/selinux on Linux and operates according to a policy placed in the corresponding folder during the operating system boot process.
Furthermore, Security Enhancements for Android (SEAndroid) is built on SELinux for application to the Android framework, and operates in the same way as SELinux.
Accordingly, when the Android container runs on the Linux operating system, the Android container mounts the SEAndroid file system in the system directory /sys shared with Linux, causing a conflict in which the SEAndroid file system overwrites the SELinux file system. In this case, the SELinux file system is erased, and normal operation of Linux operating system processes becomes difficult.
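One way to check a host for the overlap described above, as an added example that is not part of the original document: it parses text in the /proc/<pid>/mountinfo format and reports any mount stacked on top of the one already at /sys/fs/selinux. It assumes the container's mount is visible in the host's mount table; the function names, sample lines and mount IDs are constructed for illustration.

```python
# Added example (not from the original document): detect a mount stacked on
# top of the host's selinuxfs mount, using /proc/<pid>/mountinfo text.
from typing import NamedTuple

SELINUX_MNT = "/sys/fs/selinux"

class Mount(NamedTuple):
    mount_id: int
    parent_id: int
    mount_point: str
    fstype: str

def parse_mountinfo(text):
    """Parse mountinfo lines; the '-' separator follows the optional fields."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        try:
            sep = fields.index("-", 6)   # fields 0-5 are fixed, then optional tags
            mounts.append(Mount(int(fields[0]), int(fields[1]),
                                fields[4], fields[sep + 1]))
        except (ValueError, IndexError):
            continue                     # skip blank or malformed lines
    return mounts

def selinuxfs_overmounts(mounts):
    """Return (lower, upper) pairs where `upper` covers `lower` at SELINUX_MNT."""
    at_point = {m.mount_id: m for m in mounts if m.mount_point == SELINUX_MNT}
    return [(at_point[m.parent_id], m)
            for m in at_point.values() if m.parent_id in at_point]

# Constructed sample input: host mount table before and after a container
# mounts its own selinuxfs into the shared /sys (mount IDs are made up).
HOST_ONLY = """\
22 28 0:21 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
30 22 0:20 / /sys/fs/selinux rw,relatime shared:8 - selinuxfs selinuxfs rw
"""
AFTER_CONTAINER = HOST_ONLY + (
    "412 30 0:20 / /sys/fs/selinux rw,relatime shared:210 - selinuxfs selinuxfs rw\n"
)

if __name__ == "__main__":
    for lower, upper in selinuxfs_overmounts(parse_mountinfo(AFTER_CONTAINER)):
        print(f"{SELINUX_MNT}: mount {upper.mount_id} ({upper.fstype}) "
              f"covers mount {lower.mount_id} ({lower.fstype})")
```

On a live host the input would be the contents of /proc/self/mountinfo read from the host's mount namespace.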